mirror of
https://github.com/openappsec/openappsec.git
synced 2025-06-28 16:41:02 +03:00
173 lines
4.7 KiB
Bash
Executable File
173 lines
4.7 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
FILESYSTEM_PATH="/etc/cp"
|
|
LOG_FILE_PATH="/var/log"
|
|
USR_LIB_PATH="/usr/lib"
|
|
USR_SBIN_PATH="/usr/sbin"
|
|
INIT_D_PATH="/etc/init.d"
|
|
PACKAGES_DIR_PATH="packages"
|
|
ORCHESTRATION_NAME="orchestration"
|
|
LOG_PATH="nano_agent"
|
|
DEFAULT_EVENT_BUFFER_PATH="event_buffer"
|
|
CP_NANO_CTL="cpnano"
|
|
FORCE_STDOUT=true
|
|
CP_NANO_CTL_DEPRECATED="cp-ctl"
|
|
UNINSTALLATION_LOG_FILE="cp-nano-agent-uninstall.log"
|
|
var_arch="x86"
|
|
var_arch_flag=
|
|
var_gaia_release=1
|
|
var_mds_release=1
|
|
|
|
get_basename()
|
|
{
|
|
if command -v basename &>/dev/null; then
|
|
echo $(basename $1)
|
|
else
|
|
echo $(echo $1 | rev | cut -d / -f 1 | rev)
|
|
fi
|
|
}
|
|
|
|
load_paths()
|
|
{
|
|
[ -f /etc/environment ] && . "/etc/environment"
|
|
if [ -n "${CP_ENV_FILESYSTEM}" ]; then
|
|
FILESYSTEM_PATH=$CP_ENV_FILESYSTEM
|
|
fi
|
|
if [ -n "${CP_ENV_LOG_FILE}" ]; then
|
|
LOG_FILE_PATH=$CP_ENV_LOG_FILE
|
|
fi
|
|
if [ -n "${CP_USR_LIB_PATH}" ]; then
|
|
USR_LIB_PATH=$CP_USR_LIB_PATH
|
|
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CP_USR_LIB_PATH/cpnano
|
|
fi
|
|
if [ -n "${CP_USR_SBIN_PATH}" ]; then
|
|
USR_SBIN_PATH=$CP_USR_SBIN_PATH
|
|
export PATH=$PATH:$CP_USR_SBIN_PATH
|
|
fi
|
|
if [ -n "${CP_INIT_D_PATH}" ]; then
|
|
INIT_D_PATH=$CP_INIT_D_PATH
|
|
fi
|
|
}
|
|
|
|
load_paths
|
|
|
|
cp_print()
|
|
{
|
|
if [ -n "$2" ] && [ "$2" = "true" ]; then
|
|
printf "%b" "$1"
|
|
fi
|
|
time_stamp=$(date)
|
|
printf "%b" "$1 [$time_stamp]" >>${LOG_FILE_PATH}/${LOG_PATH}/${UNINSTALLATION_LOG_FILE}
|
|
}
|
|
|
|
# Prerequisites for uninstallation
|
|
cur_uid=$(id -u)
|
|
if [ $cur_uid -ne 0 ]; then
|
|
cp_print "Error, cp-nano-agent service uninstallation requires root permissions, please re-run as root" ${FORCE_STDOUT}
|
|
exit 1
|
|
fi
|
|
|
|
ls -l /etc/ | grep release > /dev/null 2>&1
|
|
retval=$?
|
|
|
|
if [ $retval -eq 0 ]; then
|
|
cat /etc/*release | grep -q "Gaia"
|
|
var_gaia_release=$?
|
|
cat /etc/*release | grep -q "Multi-Domain Security Management"
|
|
var_mds_release=$?
|
|
fi
|
|
|
|
if [ $var_gaia_release -eq 0 ] || [ $var_mds_release -eq 0 ]; then
|
|
var_arch="gaia"
|
|
var_arch_flag="--gaia"
|
|
fi
|
|
|
|
cp_exec()
|
|
{
|
|
var_cmd=$1
|
|
var_std_out=$2
|
|
# Send exec output to RES
|
|
RES=$($var_cmd 2>&1)
|
|
if ! [ -z "$RES" ]; then
|
|
cp_print "$RES" $var_std_out
|
|
fi
|
|
}
|
|
|
|
uninstall_services()
|
|
{
|
|
for service in "${FILESYSTEM_PATH}/$PACKAGES_DIR_PATH"/*; do
|
|
SERVICE_NAME=$(get_basename $service)
|
|
UNINSTALL_FILE="$service/$SERVICE_NAME"
|
|
if [ "$SERVICE_NAME" = "${ORCHESTRATION_NAME}" ]; then
|
|
continue
|
|
fi
|
|
if [ ! -f "$UNINSTALL_FILE" ]; then
|
|
cp_print "Uninstall file for service $service does not exist. File: $UNINSTALL_FILE"
|
|
else
|
|
cp_print "Uninstalling $SERVICE_NAME" ${FORCE_STDOUT}
|
|
chmod +x "$UNINSTALL_FILE"
|
|
"$UNINSTALL_FILE" --uninstall
|
|
fi
|
|
done
|
|
}
|
|
|
|
remove_event_buffer()
|
|
{
|
|
cp_print "Removing event buffer directory.."
|
|
if [ -d ${LOG_FILE_PATH}/${LOG_PATH}/$DEFAULT_EVENT_BUFFER_PATH ]; then
|
|
cp_exec "rm -rf ${LOG_FILE_PATH}/${LOG_PATH}/$DEFAULT_EVENT_BUFFER_PATH"
|
|
else
|
|
cp_print "Event buffer directory was not found"
|
|
fi
|
|
}
|
|
|
|
is_smb=0
|
|
if [ -f /pfrm2.0/bin/cposd ]; then
|
|
is_smb=1
|
|
fi
|
|
|
|
INSTALLATION_TIME=$(date)
|
|
cp_print "Uninstalling Check Point Nano Agent [$INSTALLATION_TIME]" ${FORCE_STDOUT}
|
|
uninstall_services
|
|
${FILESYSTEM_PATH}/watchdog/cp-nano-watchdog --un-register ${FILESYSTEM_PATH}/${ORCHESTRATION_NAME}/cp-nano-orchestration $var_arch_flag
|
|
init_type="$INIT_D_PATH/nano_agent.init"
|
|
if [ $var_arch = "gaia" ]; then
|
|
cp_exec "rm -f ${FWDIR}/bin/curl"
|
|
cp_exec "rm -f ${CPDIR}/bin/openssl"
|
|
dbset process:cp-nano-watchdog
|
|
dbset process:cp-nano-watchdog:path
|
|
dbset process:cp-nano-watchdog:arg:1
|
|
dbset process:cp-nano-watchdog:runlevel
|
|
dbset :save
|
|
tellpm cp-nano-watchdog
|
|
chkconfig --del $INIT_D_PATH/access_pre_init
|
|
elif [ -f "$init_type" ]; then
|
|
cp_exec "$init_type stop"
|
|
cp_exec "rm -f $init_type"
|
|
else
|
|
cp_exec "service nano_agent stop"
|
|
cp_exec "rm -f /etc/systemd/system/nano_agent.service"
|
|
cp_exec "rm /sys/fs/cgroup/pids/system.slice/nano_agent.service"
|
|
cp_exec "rm /sys/fs/cgroup/devices/system.slice/nano_agent.service"
|
|
cp_exec "rm /etc/systemd/system/multi-user.target.wants/nano_agent.service"
|
|
fi
|
|
|
|
cp_exec "rm -rf ${FILESYSTEM_PATH}"
|
|
cp_exec "rm -f $USR_SBIN_PATH/cp_nano_agent_status"
|
|
cp_exec "rm -rf $USR_LIB_PATH/cpnano"
|
|
cp_exec "rm -f $USR_SBIN_PATH/cp-nano-agent-ctl"
|
|
cp_exec "rm -f $USR_SBIN_PATH/${CP_NANO_CTL}"
|
|
cp_exec "rm -f $USR_SBIN_PATH/${CP_NANO_CTL_DEPRECATED}"
|
|
|
|
if [ "$is_smb" = "1" ]; then
|
|
cp_print "Removing SMB specific dirs..."
|
|
cp_exec "rm -rf /storage/nano_agent/"
|
|
cp_exec "rm -rf /var/log/nano_agent/"
|
|
cp_exec "rm -f /pfrm2.0/etc/nano-egg-args"
|
|
|
|
cp_print "Done."
|
|
fi
|
|
|
|
remove_event_buffer
|
|
exit 0
|